funsec mailing list archives
RE: so, is I[dp]S a STUPID technology?
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Thu, 13 Oct 2005 13:22:41 -0400
As far as scanning them goes, http://infosec.yorku.ca/tools/ has a scanner that did 4 class B's in under 15 min, (ask J. Glass:) it doesnt check for everything, but you might get it to at least scan for the SANS top 20 in that time with some trial and error.
Just a quick comment... There's a reason that "scanner" is so fast. Unfortunately it's not some new ground breaking scanning technique (it uses multiple process with non-blocking socket operations). It's because it checks for 3 simple things (looking at tcp ports 139/445), which is probably about % 0.001 of things that an VA scanner would be doing. Scanning for SANS top 20 will require writing a completely new tool. And if you want to cover the top 20 completely, your tool will need to be able to login to different services as well. By the time you are done writing this comprehensive SANS top 20 scanner, it won't be able to do a class B net in 10 minutes (and especially 4 class B nets under 15 minutes). It'll take much longer. If you'll try to add an open port scanner (even using the fastest algorithm available), it'll add much more time (130k of ports for each machine * 10000 machines).
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: so, is I[dp]S a STUPID technology?, (continued)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- IPS as anti ddos???? [was: Re: so, is I[dp]S a STUPID technology?] Gadi Evron (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Young, Keith (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 11)
- Re: so, is I[dp]S a STUPID technology? Roland Dobbins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Dave Hawkins (Oct 11)
- RE: so, is I[dp]S a STUPID technology? Kyle Quest (Oct 13)